W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2014

Re: [whatwg] PSA: Chrome ignoring autocomplete="off" for Autofill data

From: Roger Hågensen <rescator@emsai.net>
Date: Fri, 14 Nov 2014 04:17:47 +0100
Message-ID: <5465745B.9030007@emsai.net>
To: whatwg@lists.whatwg.org
On 2014-11-14 02:49, Glenn Maynard wrote:
> Unfortunately, even if a couple pages have a legitimate use for a 
> feature, when countless thousands of pages abuse it, the feature needs 
> to go. The damage to people's day-to-day experience outweighs any 
> benefits by orders of magnitude.
>>   Also, banks generally prefer to have autocomplete="off" for credit card
>> numbers, names, addresses etc. for security reasons. And that is now to be
>> ignored?
> Yes, absolutely.  My bank's preference is irrelevant.  It's my browser, not
> my bank's.  This is *exactly* the sort of misuse of this feature which
> makes it need to be removed.
>

By default ignoring autocomplete="off" (unless the user crawls into the 
browser settings, possibly under advanced settings somewhere?)
then those who miss-use it today will continue to do so.

Take the following example (tested only in Firefox and Chrome).
http://jsfiddle.net/gejm3jn1/

Is that what you want them to start doing?
If a bank or "security" site wishes to have input fields without 
autocomplete they can just use textarea.
Are you going to enforce autocomplete="on" for textarea now?

Why not improve the way autocomplete works so there is a incentive to 
use it the right way? (sorry I don't have any clever suggestions on that 
front).


My only suggestion now is:
Default to autocomplete="off" working just as today.
Provide a setting under Privacy settings in the browser (global). There 
are also per site privacy settings possible so (site specific).
Then add a contexts menu to all input field where autocomplete can be 
enabled/disabled. (Spellcheck already does this for example in most 
browsers).




-- 
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
Received on Friday, 14 November 2014 03:18:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:32 UTC